[cabfpub] Mozilla SHA-1 further restrictions

Gervase Markham gerv at mozilla.org
Mon Nov 21 19:12:45 UTC 2016


On 18/11/16 15:27, Rob Stradling wrote:
> RFC6962 precertificates are X.509 certificates, but 6962-bis
> precertificates are CMS signed-data objects.
> 
> See
> https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2
> 
> Does that make them "non-certificate data" ?

Hang on... why would someone be signing one of these using SHA-1? SHA-1
use in the WebPKI is banned.

Gerv



More information about the Public mailing list